googleapis
diff --git a/‎AUTHENTICATION.md‎
Lines changed: 40 additions & 45 deletions b/‎AUTHENTICATION.md‎
Lines changed: 40 additions & 45 deletions
diff --git a/‎CLIENT_CONFIGURATION.md‎
Lines changed: 57 additions & 38 deletions b/‎CLIENT_CONFIGURATION.md‎
Lines changed: 57 additions & 38 deletions
@@ -8,10 +8,10 @@ To review all of your authentication options see [Credential Lookup](#credential
 For more information about authentication at Google, see [the authentication guide](https://cloud.google.com/docs/authentication).
 Specific instructions and environment variables for each individual service are linked from the README documents listed below for each service.
 
-## Credential Lookup
+## Application Default Credentials (ADC)
 
 The Google Cloud PHP library provides several mechanisms to configure your system without providing
-**Service Account Credentials** directly in code.
+**Service Account Credentials** directly in code. These are known as Application Default Credentials.
 
 **Credentials** are discovered in the following order:
 
@@ -20,26 +20,18 @@ The Google Cloud PHP library provides several mechanisms to configure your syste
 3. Credentials specified in a local ADC file
 4. Credentials from an attached service account (for code running on Google Cloud Platform)
 
-### Google Cloud Platform environments
-
-While running on Google Cloud Platform environments such as Google Compute Engine, Google App Engine
-and Google Kubernetes Engine, no extra work is needed. The **Credentials** and are discovered
-automatically from the attached service account. Code should be written as if already authenticated.
-
-For more information, see
-[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa).
-
 ### Environment Variables
 
-**NOTE**: This library uses [`getenv`](https://www.php.net/manual/en/function.getenv.php), so if
-your environment variables are set in PHP, they must use
-[`putenv`](https://www.php.net/manual/en/function.putenv.php),
+The **Credentials JSON** can be placed in environment variables instead of
+declaring them directly in code.
 
 ```php
 putenv("GOOGLE_APPLICATION_CREDENTIALS=" . __DIR__ . '/your-credentials-file.json');
 ```
-The **Credentials JSON** can be placed in environment variables instead of
-declaring them directly in code.
+
+**NOTE**: This library uses [`getenv`](https://www.php.net/manual/en/function.getenv.php), so if
+your environment variables are set in PHP, they must use
+[`putenv`](https://www.php.net/manual/en/function.putenv.php).
 
 Here are the environment variables that Google Cloud PHP checks for credentials:
 
@@ -54,6 +46,34 @@ Note: Service account keys are a security risk if not managed correctly. You sho
 [choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
 whenever possible.
 
+### Local ADC file
+
+This option allows for an easy way to authenticate in a local environment during development. If
+credentials are not provided in code or in environment variables, then your user credentials can be
+discovered from your local ADC file.
+
+To set up a local ADC file:
+
+1. [Download, install, and initialize the Cloud SDK](https://cloud.google.com/sdk)
+2. Create your local ADC file:
+    ```sh
+    gcloud auth application-default login
+    ```
+
+3. Write code as if already authenticated.
+
+**NOTE:** Because this method relies on your user credentials, it is _not_ recommended for running
+in production.
+
+### Google Cloud Platform environments
+
+While running on Google Cloud Platform environments such as Google Compute Engine, Google App Engine
+and Google Kubernetes Engine, no extra work is needed. The **Credentials** and are discovered
+automatically from the attached service account. Code should be written as if already authenticated.
+
+For more information, see
+[Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa).
+
 ### Project ID detection
 
 Some libraries support setting up the project ID via the `GOOGLE_CLOUD_PROJECT` environment variable.
@@ -72,7 +92,7 @@ The libraries that support this environment variable are:
 - Trace
 - Translate
 
-### Client Authentication
+## Credentials Options
 
 Each Google Cloud PHP client may be authenticated in code when creating a client library instance.
 Most clients use the `credentials` option for providing explicit credentials:
@@ -104,42 +124,17 @@ $storage = new StorageClient([
     'credentialsFetcher' => new ServiceAccountCredentials($scopes, $keyFile),
 ]);
 ```
+
 A list of clients that accept these parameters are:
 
 - [BigQuery](https://github.com/googleapis/google-cloud-php-bigquery)
-- [Datastore](https://github.com/googleapis/google-cloud-php-datastore)
-- [Firestore](https://github.com/googleapis/google-cloud-php-firestore)
 - [Logging](https://github.com/googleapis/google-cloud-php-logging)
-- [Spanner](https://github.com/googleapis/google-cloud-php-spanner)
 - [Storage](https://github.com/googleapis/google-cloud-php-storage)
 
 We recommend to visit the Check the [client documentation][php-ref-docs] for the client library you're using
 for more in depth information.
 
-### Local ADC file
-
-This option allows for an easy way to authenticate in a local environment during development. If
-credentials are not provided in code or in environment variables, then your user credentials can be
-discovered from your local ADC file.
-
-To set up a local ADC file:
-
-1. [Download, install, and initialize the Cloud SDK](https://cloud.google.com/sdk)
-2. Create your local ADC file:
-
-```sh
-gcloud auth application-default login
-```
-
-3. Write code as if already authenticated.
-
-**NOTE:** Because this method relies on your user credentials, it is _not_ recommended for running
-in production.
-
-For more information about setting up authentication for a local development environment, see
-[Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev).
-
-### API Keys
+## API Keys
 
 [API keys][api_keys] are a great way to quickly authenticate in a local environment during development. If
 you'd like to authenticate your client with API keys, use the `apiKey` client option when creating a new
@@ -170,4 +165,4 @@ If you're having trouble authenticating open a
 [Github Issue](https://github.com/googleapis/google-cloud-php/issues/new?title=Authentication+question)
 to get help. Also consider searching or asking
 [questions](http://stackoverflow.com/questions/tagged/google-cloud-platform+php) on
-[StackOverflow](http://stackoverflow.com).
+[StackOverflow](http://stackoverflow.com). See [Troubleshooting](DEBUG.md) for more details.
@@ -2,35 +2,12 @@
 
 The Google Cloud PHP Client Libraries (built on `google/gax` and `google/cloud-core`) allow you to configure client behavior via an associative array passed to the client constructor. This array is processed by the [`Google\ApiCore\ClientOptions`](https://docs.cloud.google.com/php/docs/reference/gax/latest/Options.ClientOptions) class.
 
-## Common Configuration Options
+## 1. Customizing the API Endpoint
 
-The following options can be passed to the constructor of any generated client (e.g., `PubSubClient`, `SpannerClient`, `StorageClient`).
+You can modify the API endpoint to connect to a specific Google Cloud region (to reduce latency or
+meet data residency requirements) or to a private endpoint (via Private Service Connect).
 
-| Option Key | Type | Description |
-| ----- | ----- | ----- |
-| `credentials` | `string` | `array` |
-| `apiKey` | `string` | An **API Key** for services that support public API key authentication (bypassing OAuth2). |
-| `apiEndpoint` | `string` | The address of the API remote host. specific for **Regional Endpoints** (e.g., `us-central1-pubsub.googleapis.com:443`) or Private Service Connect. |
-| `transport` | `string` | Specifies the transport type. Options: `'grpc'` (default), `'rest'`, or `'grpc-fallback'`. |
-| `transportConfig` | `array` | Configuration specific to the transport, such as gRPC channel arguments. |
-| `disableRetries` | `bool` | If `true`, disables the default retry logic for all methods in the client. |
-| `logger` | `Psr\Log\LoggerInterface` | A PSR-3 compliant logger for client-level logging and tracing. |
-| `universeDomain` | `string` | Overrides the default service domain (defaults to `googleapis.com`) for Cloud Universe support. |
-
-## 1\. Authentication Configuration
-
-While the client attempts to find "Application Default Credentials" automatically, you can explicitly provide them using
-the `credentials` or `apiKey` options. See [`Authentication`][authentication.md] for details and examples.
-
-[authentication.md]: https://cloud.google.com/php/docs/reference/help/authentication
-
-## 2\. Customizing the API Endpoint
-
-You can modify the API endpoint to connect to a specific Google Cloud region (to reduce latency or meet data residency requirements) or to a private endpoint (via Private Service Connect).
-
-### Connecting to a Regional Endpoint
-
-Some services, like Pub/Sub and Spanner, offer regional endpoints.
+Some services, like Pub/Sub and Spanner, offer **regional endpoints**:
 
 ```php
 use Google\Cloud\PubSub\PubSubClient;
@@ -41,13 +18,29 @@ $pubsub = new PubSubClient([
 ]);
 ```
 
-## 3\. Configuring a Proxy
+## 2. Authentication Configuration
+
+While the client attempts to find [Application Default Credentials][adc] automatically, you can
+explicitly provide them using the `credentials` or `apiKey` options. See
+[`Authentication`][authentication.md] for details and examples.
+
+[adc]: https://cloud.google.com/docs/authentication/application-default-credentials)
+[authentication.md]: https://cloud.google.com/php/docs/reference/help/authentication
+
+## 3. Logging
+
+Logging can be enabled using environment variables, but you can provide an explicit PSR-3 logger
+using the `logger` option. See [Troubleshooting](DEBUG.md) for a comprehensive guide.
+
+## 3. Configuring a Proxy
 
 The configuration method depends on whether you are using the `grpc` (default) or `rest` transport.
 
 ### Proxy with gRPC
 
-When using the gRPC transport, the client library respects the [standard environment variables](https://grpc.github.io/grpc/php/md_doc_environment_variables.html). You **do not** need to configure this in the PHP code itself.
+When using the gRPC transport, the client library respects the
+[standard environment variables](https://grpc.github.io/grpc/php/md_doc_environment_variables.html).
+You **do not** need to configure this in the PHP code itself.
 
 Set the following environment variables in your shell or Docker container:
 
@@ -56,7 +49,9 @@ export http_proxy="http://proxy.example.com:3128"
 export https_proxy="http://proxy.example.com:3128"
 ```
 
-**Handling Self-Signed Certificates (gRPC):** If your proxy uses a self-signed certificate (Deep Packet Inspection), you cannot simply "ignore" verification in gRPC. You must provide the path to the proxy's CA certificate bundle.
+**Handling Self-Signed Certificates (gRPC):** If your proxy uses a self-signed certificate
+(Deep Packet Inspection), you cannot simply "ignore" verification in gRPC. You must provide the path
+to the proxy's CA certificate bundle.
 
 ```
 # Point gRPC to a CA bundle that includes your proxy's certificate
@@ -65,7 +60,9 @@ export GRPC_DEFAULT_SSL_ROOTS_FILE_PATH="/path/to/roots.pem"
 
 ### Proxy with REST
 
-If you are forcing the `rest` transport (or using a library that only supports REST), you must configure the proxy via the `transportConfig` option. This passes the settings down to the underlying Guzzle client.
+If you are forcing the `rest` transport (or using a library that only supports REST), you must
+configure the proxy via the `transportConfig` option. This passes the settings down to the
+underlying Guzzle client.
 
 ```php
 use Google\Auth\HttpHandler\HttpHandlerFactory;
@@ -84,17 +81,20 @@ $secretManagerClient = new SecretManagerServiceClient([
 ]);
 ```
 
-## 4\. Configuring Retries and Timeouts
+## 4. Configuring Retries and Timeouts
 
-There are two ways to configure retries and timeouts: global client configuration (complex) and per-call configuration (simple).
+There are two ways to configure retries and timeouts: global client configuration (complex) and
+per-call configuration (simple).
 
 ### Per-Call Configuration (Recommended)
 
-For most use cases, it is cleaner to override settings for specific calls using `Google\ApiCore\Options\CallOptions` (or the `$optionalArgs` array in generated clients).
+For most use cases, it is cleaner to override settings for specific calls using
+`Google\ApiCore\Options\CallOptions` (or the `$optionalArgs` array in generated clients).
 
 #### Available `retrySettings` Keys
 
-When passing an array to `retrySettings`, you can use the following keys to fine-tune the exponential backoff strategy:
+When passing an array to `retrySettings`, you can use the following keys to fine-tune the
+exponential backoff strategy:
 
 | Key | Type | Description |
 | ----- | ----- | ----- |
@@ -125,7 +125,9 @@ $secretManagerClient->accessSecretVersion($request, $callOptions);
 
 ### Disabling Retries
 
-You can also configure retries globally by passing a `clientConfig` array to the constructor. This is useful if you want to change the default retry strategy for *all* calls made by that client instance.
+You can also configure retries globally by passing a `clientConfig` array to the constructor.
+This is useful if you want to change the default retry strategy for *all* calls made by that client
+instance.
 
 ```php
 use Google\Cloud\PubSub\PubSubClient;
@@ -136,9 +138,11 @@ $pubsub = new PubSubClient([
 ]);
 ```
 
-## 5\. Logging
+## 5. Logging
 
-You can attach any PSR-3 compliant logger (like Monolog) to debug request headers, status codes, and payloads. See [Debug Logging](https://docs.cloud.google.com/php/docs/reference/help/debug) for more examples.
+You can attach any PSR-3 compliant logger (like Monolog) to debug request headers, status codes, and
+payloads. See [Debug Logging](https://docs.cloud.google.com/php/docs/reference/help/debug) for more
+examples.
 
 ```php
 use Google\Cloud\PubSub\PubSubClient;
@@ -153,3 +157,18 @@ $client = new PubSubClient([
 ]);
 ```
 
+## 6. Other Common Configuration Options
+
+The following options can be passed to the constructor of any generated client (e.g.,`PubSubClient`,
+`SpannerClient`, `StorageClient`).
+
+| Option Key | Type | Description |
+| ----- | ----- | ----- |
+| `credentials` | `string` | `array` |
+| `apiKey` | `string` | An **API Key** for services that support public API key authentication (bypassing OAuth2). |
+| `apiEndpoint` | `string` | The address of the API remote host. specific for **Regional Endpoints** (e.g., `us-central1-pubsub.googleapis.com:443`) or Private Service Connect. |
+| `transport` | `string` | Specifies the transport type. Options: `'grpc'` (default), `'rest'`, or `'grpc-fallback'`. |
+| `transportConfig` | `array` | Configuration specific to the transport, such as gRPC channel arguments. |
+| `disableRetries` | `bool` | If `true`, disables the default retry logic for all methods in the client. |
+| `logger` | `Psr\Log\LoggerInterface` | A PSR-3 compliant logger for client-level logging and tracing. |
+| `universeDomain` | `string` | Overrides the default service domain (defaults to `googleapis.com`) for Cloud Universe support. |